now checking whether a pod is not part of any application.
This commit is contained in:
parent
ee8c0a2204
commit
86572e8063
@ -95,6 +95,18 @@ func (c *Cluster) IsLinkerdEnabled(application *Application) bool {
|
|||||||
return ns.Annotations["linkerd.io/inject"] == "enabled"
|
return ns.Annotations["linkerd.io/inject"] == "enabled"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Cluster) NamespaceLIst() []v1.Namespace {
|
||||||
|
return MapValues(c.namespaces)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Cluster) Namespace(name string) v1.Namespace {
|
||||||
|
return c.namespaces[name]
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Cluster) PodList(namespace string) []v1.Pod {
|
||||||
|
return c.pods[namespace]
|
||||||
|
}
|
||||||
|
|
||||||
func (c *Cluster) PortNumbers(application *Application) []Port {
|
func (c *Cluster) PortNumbers(application *Application) []Port {
|
||||||
if !c.IsLinkerdEnabled(application) {
|
if !c.IsLinkerdEnabled(application) {
|
||||||
return nil
|
return nil
|
||||||
|
|||||||
@ -1,11 +1,9 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"iter"
|
"iter"
|
||||||
"k8s.io/api/core/v1"
|
"k8s.io/api/core/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
"maps"
|
"maps"
|
||||||
"os"
|
"os"
|
||||||
"slices"
|
"slices"
|
||||||
@ -65,11 +63,14 @@ func validate(files []string, options *Options) error {
|
|||||||
applicationPods := make(map[string][]v1.Pod)
|
applicationPods := make(map[string][]v1.Pod)
|
||||||
for _, ns := range config.Namespaces {
|
for _, ns := range config.Namespaces {
|
||||||
namespace := ns.Name
|
namespace := ns.Name
|
||||||
_, err = clientset.CoreV1().Namespaces().Get(context.Background(), namespace, metav1.GetOptions{})
|
|
||||||
if err != nil {
|
if cluster.Namespace(namespace).Name != namespace {
|
||||||
LogValidationMsg(Error, "ERROR: namespace not found: %s", namespace)
|
LogValidationMsg(Error, "ERROR: namespace not found: %s", namespace)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
if !ns.Open {
|
||||||
|
podsNotPartOfAnyApplication(cluster, namespace, ns)
|
||||||
|
}
|
||||||
|
|
||||||
// checking for service accounts shared by applications
|
// checking for service accounts shared by applications
|
||||||
// map of namespace/sa -> []applicationname
|
// map of namespace/sa -> []applicationname
|
||||||
@ -199,6 +200,28 @@ func validate(files []string, options *Options) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func podsNotPartOfAnyApplication(cluster *Cluster, namespace string, ns *Namespace) {
|
||||||
|
// Pods in the nemsapce that are not covered by any application
|
||||||
|
|
||||||
|
namespacePods := cluster.PodList(namespace)
|
||||||
|
namespacePods = slices.DeleteFunc(namespacePods, func(pod v1.Pod) bool {
|
||||||
|
return pod.Spec.HostNetwork == true
|
||||||
|
})
|
||||||
|
podNames := make(map[string]bool)
|
||||||
|
for _, pod := range namespacePods {
|
||||||
|
podNames[pod.Name] = true
|
||||||
|
}
|
||||||
|
for _, application := range ns.Applications {
|
||||||
|
for _, pod := range cluster.Pods(application) {
|
||||||
|
delete(podNames, pod.Name)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for podName, _ := range podNames {
|
||||||
|
LogValidationMsg(Error, "ERROR: pod %s/%s not part of any applications",
|
||||||
|
namespace, podName)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func HasPort(pod v1.Pod, port Port) bool {
|
func HasPort(pod v1.Pod, port Port) bool {
|
||||||
if port.Protocol == "" {
|
if port.Protocol == "" {
|
||||||
port.Protocol = "TCP"
|
port.Protocol = "TCP"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user